Ketje is an authenticated encryption scheme based on Keccak-p. It takes as input a secret key and a nonce, then some associated data (or metadata) that are authenticated but not encrypted and finally some plaintext. It produces a cryptogram comprising the ciphertext and a tag authenticating both the metadata and the plaintext. The recipient holding the same secret key can decrypt the cryptogram and check whether it is authentic.
Ketje supports also the concept of sessions. Without having to input the key again and a new nonce, the communicating parties can keep on exchanging metadata-plaintext pairs. Each time, the tag authenticates the complete exchange of messages so far.
Ketje Jr and Kejte Sr aim at compact implementations in constrained environments, whereas Kejte Minor and Kejte Major are research ciphers that aim at high speed.
|Synopsis||The Ketje authenticated encryption scheme|
|Designed by||Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and Ronny Van Keer|
|Implements||An authenticated encryption scheme with associated data and support for sessions|
|Construction||The MonkeyWrap authenticated encryption mode on top of the MonkeyDuplex construction|
|Primitive||The Keccak-p[b, nr] permutations, with a twist|
|Parameterized by||The width of the permutation b and by the block size ρ|
|Status||Third-round candidate in the CAESAR competition|
We define and document Ketje in the Ketje CAESAR submission v2.0.